Chapter 2 Installing Directory Server Enterprise Edition 6.2

Software Installation provides step-by-step instructions on how to install Directory Server Enterprise Edition software. It also provides step-by-step instructions on how to upgrade Directory Server Enterprise Edition 6.0 and 6.1 installations.

Server Instance Creation provides step-by-step instructions on how to create server instances after you install the software.

When you install DSCC, you automatically install Directory Server from
native packages. DSCC uses its own local instance of Directory Server to
store information about your directory service configuration. The instance
is referred to as the DSCC Registry.

You can use the Directory Server software that is installed alongside DSCC to
create your own additional Directory Server instances on the system.

Before You Begin

Obtain the Java Enterprise System distribution for this installation, as shown
in the following figure:

If you do not log in to Java Web Console using the server's root login
information, the system might require you to have root privileges while
performing certain tasks, such as starting the server instances.

By default, the URL to access Java Web Console is https://hostname:6789

Click the Directory Service Control Center link.

Log in to DSCC as Directory Service Manager.

Directory Service Manager's entry is stored in the DSCC registry. Directory
Service Manager has administrator access to DSCC. Directory Service
Manager also has administrator access to the server instances registered with DSCC.

Begin managing your servers through Directory Service Control Center.

After Directory Service Control Center is running, enable Java Web Console to restart
when the system reboots.

On a Solaris system, the following command
enables restart upon reboot.

(Optional) Enable the Common Agent Container, cacao, to restart when the operating system reboots.

root# cacaoadm enable

If you do not enable the common agent container, DSCC cannot communicate with the servers handled by that instance of cacao after the operating system reboots.

To Install Only Directory Server From Native Packages

This procedure covers installation of Directory Server from native
packages. You must be root to perform this procedure.

Note –

If you installed Directory Service Control Center, you automatically installed Directory Server from
native packages. You can use the Directory Server software that is installed
alongside DSCC to create your own additional Directory Server instances
on the system.

Before You Begin

Obtain the Java Enterprise System distribution for this installation, as shown
in the following figure:

Complete the following worksheet for your installation.

| Requisite Information | Hints | Your Answers |
|---|---|---|
| Fully qualified hostname of the system where you install Directory Server | Example: ds.example.com | |
| (Optional) Cacao common agent container port number to access from Directory Service Control Center | Default: 11162 | |
| File system paths where you create Directory Server instances | Example: /local/ds/ Create instances only on local file systems, never on network-mounted file systems such as NFS. | |

(Optional) Enable the Common Agent Container, cacao, to restart when the operating system reboots.

root# cacaoadm enable

If you do not enable the common agent container, DSCC cannot communicate with the servers handled by that instance of cacao after the operating system reboots.

Next Steps

To Install Directory Server Enterprise Edition From Zip Distribution

Before You Begin

During the installation process, if dsee_deploy finds
an existing instance of Directory Server Enterprise Edition, it upgrades the instance automatically.
Back up the Directory Server Enterprise Edition installation directory, if any, before upgrading to Directory Server Enterprise Edition 6.2,
because you will not be able to restore any previous Directory Server Enterprise Edition installation later.

This version removes any previous partial installation of Directory Server Enterprise Edition.

You can install the zip distribution as a non-root user.

Refer to the following table for information about the appropriate zip
patch for your system. If newer patch revisions become available, use the
newer ones instead of those shown in the table.

For example, the following command installs the component in the /local directory, assuming that you have write
access to the directory.

$ ./dsee_deploy install -i /local

You can also use the --no-inter option to install in
non-interactive mode, accepting the license without confirmation. Non-interactive
mode is particularly useful for silent installation.

This step installs a Common Agent Container, cacao,
with the local Directory Service Control Center agent as well, allowing you to use DSCC to
create server instances. The previous command works properly only
if you have not yet installed a Common Agent Container using the default port, 11162.

If you installed DSCC previously on the same system, a Common Agent Container using the default
port is already installed. Specify a different port using the -p option.

Next Steps

Installing Directory Service Control Center From Zip Distribution

The Directory Server Enterprise Edition zip distribution includes a WAR file (dscc.war)
that contains the Directory Service Control Center (DSCC) web application. The WAR file
is deployed with the application server to enable you to do the following
tasks:

Connect to DSCC without having an operating system
login account on the system hosting DSCC.

The following two procedures contain information about deploying the WAR file
with Sun Java System Application Server and Tomcat respectively.

To Deploy the WAR File with Sun Java System Application Server

After you install Directory Server Enterprise Edition, the WAR file, dscc.war,
is at install-path/var/dscc6/.

The steps might differ depending on the application server that you
use to deploy the WAR file. For information about deploying the WAR file using
other application servers, see the respective server documentation.

For more information about creating and configuring application server
instances and deploying the WAR file, refer to the Sun Java System
Application Server Online Help.

Open DSCC.

Use http://localhost:8080 or https://localhost:8181 based on the configuration of your application
server.

The Directory Service Manager Login page displays.

To Deploy WAR File with Tomcat

After you install Directory Server Enterprise Edition, the WAR file, dscc.war,
is at install-path/var/dscc6/.

The dscc.war file is installed in the same way as any
other web application, except for the following settings:

The application needs to communicate with the DSCC registry
created using the dsccsetup ads-create command.

You must disable tag pooling on your Tomcat server instance
by setting the enablePooling parameter value to false in web.xml.

The following example shows how to install DSCC in Tomcat on
a Solaris 10 system.

The steps might differ depending on the application server that you
use to deploy the WAR file. For information about deploying the WAR file using
other application servers, see the respective server documentation.

Upgrading Shared Components

For Directory Server Enterprise Edition to work properly you must upgrade the shared components.

You can upgrade the shared components using any of the following procedures:

Upgrading Shared Components Using Java ES Installer

Upgrading Shared Components Using Patches

Upgrading Shared Components Using Java ES Installer

Before You Begin

You must be root to perform this procedure.

You can use the Java ES installer to upgrade the shared components
only on Solaris and Linux.

Start the Java ES installer.

# ./installer

After the Welcome and License Agreement pages are displayed, the component
selection page displays. (When installed components are detected that can
be directly upgraded by the Java ES installer, they are shown with
a status of “upgradable.”)

Select the All Shared Components check box in the component selection
page.

Confirm your choice.

All shared components will be
upgraded.

Finish installing the shared components using the Java ES installer.

Upgrading Shared Components Using Patches

Before You Begin

You must be root to perform this procedure.

Using patches, you can upgrade shared components on Solaris, Linux,
and Windows.

On Linux, to install patches you must use installpatch,
when available.

Select the platform as per your requirements and install all the patches
specified for that platform. If newer patch revisions become available, use
the newer ones instead of those shown in the table.

The following table displays the patch numbers that are required to
upgrade Directory Server Enterprise Edition on different platforms. If newer patch revisions become
available, use the newer ones instead of those shown in the table.

Follow the instructions in the Directory Service Control Center New Server wizard
to create the server instance.

Note –

The instance path does not support non-ASCII characters.
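The worksheet rule that instances go only on local file systems, and the note above that the instance path must be ASCII, can both be checked before an instance is created. The following is an added example, not part of the original guide; the function names and the list of network file system types are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for a planned instance path.
# Function names and the list of network file system types are assumptions.

# fs_type_for PATH MOUNT_TABLE -- print the file system type of the mount
# that holds PATH. Works on /proc/mounts (Linux) and /etc/mnttab (Solaris),
# which both list device, mount point and type in fields 1 to 3.
fs_type_for() {
    awk -v p="$1" '
        { mp = $2
          # a mount point applies if it is the path itself or a parent of it
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); type = $3 } }
        END { print type }' "$2"
}

# is_ascii_path PATH -- succeeds if PATH has only printable ASCII characters.
is_ascii_path() {
    [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d '\040-\176')" ]
}

# check_instance_path PATH MOUNT_TABLE
# returns 0 = usable, 1 = non-ASCII characters, 2 = network file system
check_instance_path() {
    is_ascii_path "$1" || return 1
    case $(fs_type_for "$1" "$2") in
        nfs*|cifs|smb*|afs) return 2 ;;
    esac
    return 0
}

# Demo against a constructed mount table (not taken from a real host).
demo_tab=$(mktemp)
cat > "$demo_tab" <<'EOF'
/dev/dsk/c0t0d0s0 / ufs rw 0
/dev/dsk/c0t0d0s7 /local ufs rw 0
filer.example.com:/export/ds /local/nfsdata nfs rw 0
EOF
for p in /local/ds /local/nfsdata/ds; do
    rc=0; check_instance_path "$p" "$demo_tab" || rc=$?
    echo "$p -> $rc"
done
rm -f "$demo_tab"
```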

To Create a Directory Server Instance From the Command Line

In this procedure, you create a server instance on
the local host using the dsadm command. You then create
a suffix that you populate with data using the dsconf command.

Non-root users can create server instances.

A Directory Server instance contains the configuration and data necessary
to respond to directory client applications. When you start or stop an instance,
you start or stop the server process. The server process is what serves directory
client requests corresponding to the data managed by that instance.

The dsadm command enables you to manage a Directory Server instance
and the files belonging to that instance on the local host. The command does
not let you administer servers over the network, but only directly on the
local host. The dsadm command has subcommands for each
key management task. For a complete description, see dsadm(1M).

The dsconf command is an LDAP client. The command
enables you to configure nearly all server settings on a running Directory Server instance
from the command line. You can configure settings whether the server is on
the local host or another host that is accessible across the network. The dsconf command has subcommands for each key configuration task.
For a complete description, see dsconf(1M).

Before You Begin

For example, the following command creates the ds instance
under the existing directory, /local/.
The new instance has default ports 389 for LDAP and 636 for LDAPS for root users,
and 1389 for LDAP and 1636 for LDAPS for non-root users.

At this point, you have a working server instance. However, you must further configure the server instance. The instance is
not yet registered with Directory Service Control Center.

(Optional) Use the new password policy mode, unless
the instance belongs to a replication topology with the Directory Server Enterprise Edition 5 instances.

Your server instance might be standalone. Alternatively, your instance
might belong to a replication topology that has already been migrated to the
new password policy mode. In either case, perform this step.

Follow the instructions in the Directory Service Control Center New Server wizard
to create the server instance.

To Create a Directory Proxy Server Instance From the Command Line

In this procedure, you create a server instance on
the local host using the dpadm command. You then configure
the instance using the dpconf command.

Non-root users can create server instances.

A Directory Proxy Server instance must be configured to proxy directory
client application requests to data sources through data views. When you start or stop an instance, you start or stop
the server process that proxies directory client application requests.

The dpadm command enables you to manage a Directory Proxy Server instance
and the files belonging to that instance on the local host. The command does
not allow you to administer servers over the network, but only directly on
the local host. The dpadm command has subcommands for each
key management task. For a complete description, see dpadm(1M).

The dpconf command is an LDAP client. The command
enables you to configure nearly all server settings on a running Directory Proxy Server instance
from the command line. You can configure settings whether the server is on
the local host or another host that is accessible across the network. The dpconf command has subcommands for each key configuration task.
For a complete description, see dpconf(1M).

Before You Begin

For example, the following command creates an instance, dps,
under the existing directory, /local/.
The default ports are 389 for LDAP and 636 for LDAPS for root users,
and 1389 for LDAP and 1636 for LDAPS for non-root users.

Notice that LDAP search operations work for the suffix handled
by your data view, but do not work for other suffixes. If you search a suffix
for which no data view is configured, the server returns an error.

If your accelerator board has a FIPS 140-2 keystore, make sure the private
key is generated on the device. Sun Crypto Accelerator 4000 and 6000 boards
have FIPS 140-2 keystores, for example. The exact process depends on the board.

Create a password file that contains the PIN needed to access
the cryptographic framework.

$ echo "Sun Metaslot:password" > /local/ds/alias/slapd-pin.txt

Start Directory Server.

$ dsadm start /local/ds
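The PIN file holds the token password in clear text, so it should be readable only by the account that runs the instance. The following is an added example, not part of the original guide, that writes the file in the token:PIN format shown above under a restrictive umask and then verifies the mode; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: write the token PIN file so that only its owner can read it.
# write_pin_file and check_pin_file are hypothetical helper names.

# write_pin_file FILE TOKEN -- reads the PIN from stdin rather than from the
# command line, so the PIN stays out of shell history.
write_pin_file() {
    file=$1 token=$2
    IFS= read -r pin || [ -n "$pin" ] || return 1
    [ -n "$pin" ] || return 1
    (
        umask 077              # the file is never group- or world-readable
        rm -f "$file"          # drop any old file or planted symlink first
        printf '%s:%s\n' "$token" "$pin" > "$file"
    ) || return 1
    chmod 400 "$file"
}

# check_pin_file FILE -- succeeds only if FILE is a regular file (not a
# symlink) that grants no permissions to group or others.
check_pin_file() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    mode=$(ls -ld "$file" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Demo with a constructed PIN in a scratch directory (not a real instance).
demo_dir=$(mktemp -d)
printf 'example-pin\n' | write_pin_file "$demo_dir/slapd-pin.txt" "Sun Metaslot"
check_pin_file "$demo_dir/slapd-pin.txt" && echo "PIN file mode OK"
rm -rf "$demo_dir"
```

For the instance in this procedure, the target file would be /local/ds/alias/slapd-pin.txt, written as the user who runs the instance.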

To Use Directory Proxy Server With Cryptographic Hardware on a Solaris 10 System

Before You Begin

This procedure is designed for use with Sun Crypto Accelerator hardware.
Perform the following procedure as the same user who runs the Directory Proxy Server instance.